CVE-2022-1965

Summary

Multiple products of CODESYS implement a improper error handling. A low privilege remote attacker may craft a request, which is not properly processed by the error handling. In consequence, the file referenced by the request could be deleted. User interaction is not required.

Affected Software

VendorProductVersion RangeStatus
CODESYSRuntime ToolkitV2 < V2.4.7.57affected
CODESYSPLCWinNTV2 < V2.4.7.57affected

Weaknesses

  • CWE-755: CWE-755 Improper Handling of Exceptional Conditions

ADP Enrichment

CVE Program Container

Additional References

References